Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
pacionet
New Contributor II

Created on ‎12-02-2025 12:31 PM Edited on ‎12-02-2025 11:18 PM

ADVPN - IPSEC - BGP - Redistributing static routes

Hi, we set up an ADVPN Hub and Spoke network layout like this:

 

FOSSONE.drawio.png

Hub is Fortigate 3000F, Spoke is Fortigate 60F.

We configured BGP on Hub and Spoke (on the IPSEC Tunnel)

We noticed that "connected networks" of spoke are distributed correctly:

 

10.39.80.0/24 -> IPSEC TUNNEL

 

but the static route (10.172.6.1/32 -> 10.39.80.2) is distributed with the wrong "next hop".

 

On the Hub we got:

10.172.6.1/32 -> 10.39.80.2

instead we would

10.172.6.1/32 -> IPSEC TUNNEL

 

Any hints?

 

Labels:
110
0 Kudos
1 Solution
pacionet
New Contributor II

Created on ‎12-04-2025 02:12 AM

After some googling I found the solution: we set on the spoke:

 

set next-hop-self-rr enable

 

 

View solution in original post

63
2 REPLIES 2
pacionet
New Contributor II

Created on ‎12-04-2025 02:12 AM

After some googling I found the solution: we set on the spoke:

 

set next-hop-self-rr enable

 

 

65
Jean-Philippe_P
Moderator
Moderator

Created on ‎12-04-2025 02:52 AM

Hello pacionet,

 

Thanks for sharing the solution and glad that you solved your issue :)

Regards,
Jean-Philippe - Fortinet Community Team
58
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.